Back to Diana's contests

Polynomial Protocol contest - Diana's results

The DeFi Derivatives Powerhouse.

General Information

Platform: Code4rena

Start Date: 13/03/2023

Pot Size: $72,500 USDC

Total HM: 33

Participants: 35

Period: 7 days

Judge: Dravee

Total Solo HM: 16

Id: 222

League: ETH

Polynomial Protocol

Findings Distribution

Researcher Performance

Rank: 29/35

Findings: 1

Award: $105.15

🌟 Selected for report: 0

🚀 Solo Findings: 0

External Links

Code4rena Contest PageGithub Contest RepositoryGithub Findings RepositoryPolynomial Protocol

Findings Information

🌟 Selected for report: rbserver

Also found by: CRYP70, DadeKuma, Diana, sakshamguruji

Labels

bug
2 (Med Risk)
satisfactory
duplicate-232

Awards

105.1468 USDC - $105.15

External Links

Link to GitHub issue

Lines of code

https://github.com/code-423n4/2023-03-polynomial/blob/main/src/KangarooVault.sol#L183 https://github.com/code-423n4/2023-03-polynomial/blob/main/src/KangarooVault.sol#L215 https://github.com/code-423n4/2023-03-polynomial/blob/main/src/KangarooVault.sol#L243 https://github.com/code-423n4/2023-03-polynomial/blob/main/src/KangarooVault.sol#L269

Vulnerability details

Impact

In LiquidityPool.sol, all deposit and withdraw functions contain the whenNotPaused modifier (For instance deposit(), queueDeposit(), processDeposits(), withdraw(), queueWithdraw(), processWithdraws()), while KangarooVault.sol also inherits from PauseModifier but the functions initiateDeposit(), initiateWithdrawal(), processDepositQueue() and processWithdrawalQueue() do not have the whenNotPaused modifier set.

All functions to deposit and withdraw should contain the same modifiers to stop transactions while paused.

Example with modifier https://github.com/code-423n4/2023-03-polynomial/blob/main/src/LiquidityPool.sol#L200-L204

function queueDeposit(uint256 amount, address user)
        external
        override
        nonReentrant
        whenNotPaused("POOL_QUEUE_DEPOSIT")

Proof of Concept

Users can use all the following functions initiateDeposit(), initiateWithdrawal(), processDepositQueue() and processWithdrawalQueue() to initiate deposit/withdrawal etc even when the contract is paused. Similar to the deposit and withdrawal functions in LiquidityPool.sol, these functions should contain the same modifier

https://github.com/code-423n4/2023-03-polynomial/blob/main/src/KangarooVault.sol#L183

function initiateDeposit(address user, uint256 amount) external nonReentrant {

https://github.com/code-423n4/2023-03-polynomial/blob/main/src/KangarooVault.sol#L215

function initiateWithdrawal(address user, uint256 tokens) external nonReentrant {

https://github.com/code-423n4/2023-03-polynomial/blob/main/src/KangarooVault.sol#L243

function processDepositQueue(uint256 idCount) external nonReentrant {

https://github.com/code-423n4/2023-03-polynomial/blob/main/src/KangarooVault.sol#L269

function processWithdrawalQueue(uint256 idCount) external nonReentrant {

Add the whenNotPaused modifier to all functions that perform deposit and withdraw.

#0 - c4-judge

2023-03-22T18:33:15Z

JustDravee marked the issue as duplicate of #232

#1 - c4-judge

2023-05-03T00:06:28Z

JustDravee marked the issue as satisfactory

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built bymalatrax © 2024

Auditors

Browse

Contests

Browse

Get in touch

ContactTwitter